CVE-2020-24330

Published: Aug 13, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed.

Affected (2)

Products: Trousers Project: Trousers · Fedoraproject: Fedora

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Trousers Project Trousers	Up to 0.3.14

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (10)

http://www.openwall.com/lists/oss-security/2020/08/14/1

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1164472

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SSDL7COIFCZQMUBNAASNMKMX7W5JUHRD/

Source: cve@mitre.org

https://seclists.org/oss-sec/2020/q2/att-135/tcsd_fixes.patch

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

https://sourceforge.net/p/trousers/mailman/message/37015817/

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2020/08/14/1